In response to reports that the passwords and email account information of 117M LinkedIn users are reportedly for sale:
John Gunn, VP of Communications, VASCO Data Security comments: If the data being offered is verified, this represents a massive risk to countless organizations. LinkedIn is work related, so many employees of an enterprise will use their exact work credentials, username and password for their LinkedIn account. This means that the hackers and their eventual buyers could have the login credentials for many millions of enterprises employees. No one should ever use their work password for any other account and everyone should be using a second factor of authentication when security matters.
It may seem obvious, but to be safe, everyone with a LinkedIn account should reset their password, now.
Craig Kensec, security expert, Lastline says: If LinkedIn has not upgraded the security of their network, website, and protection of their databases since 2012, I strongly recommend they do so immediately. Cyber criminals' capabilities to create tools to breach networks are advancing at a speed that would put Olympian Usain Bolt to shame. LinkedIn, if this is deemed authentic, should either strongly request or require that LinkedIn users change their passwords immediately. They may want to consider sending a reminder to LinkedIn individuals on a quarterly basis to change their passwords.
LinkedIn should present a brief sentence suggesting to new account holders that they create a unique strong password, and to existing account holders a prompt to update their password at regular intervals. LinkedIn should use one of the tools showing the password strength during the creation and update process.